在linux内核上寻找系统调用实现
[英]Looking for system calls implementation on linux kernel
问题描述
I'm looking for the implementations of open() , close() , write() and unlink() , but I can't find them anywhere! 
我正在寻找open() , close() , write()和unlink() ,但我无法在任何地方找到它们! Every function I find is like sys_open , do_open , etc_open ... but nothing with the interface we use. 我觉得每个功能就像sys_open , do_open , etc_open ......但没有与我们使用的接口。 Can you help me? 你能帮助我吗?
I need to discover what kind of security checks they make 我需要发现他们做了什么样的安全检查
2 个解决方案
解决方案1
7 2012-02-20 01:27:52
If you mean the library calls such as those found in fcntl.h , they're not part of the kernel, they're part of glibc . 如果你的意思是像fcntl.h那样的库调用,它们不是内核的一部分,它们就是glibc一部分。
If you are referring to the actual kernel calls, the system call xyzzy is usually handled by the function sys_xyzzy . 如果你指的是实际的内核调用,系统调用xyzzy通常是由函数处理sys_xyzzy 。
The entry.S file, at least in 2.4 (I haven't looked at later kernels), held a table mapping system call numbers to functions: entry.S文件,至少在2.4(我以后没有看过内核),持有一个表映射系统调用号到函数:
.data
ENTRY(sys_call_table)
.long SYMBOL_NAME(sys_ni_syscall) /* 0 - old "setup()" system call*/
.long SYMBOL_NAME(sys_exit)
.long SYMBOL_NAME(sys_fork)
.long SYMBOL_NAME(sys_read)
.long SYMBOL_NAME(sys_write)
.long SYMBOL_NAME(sys_open) /* 5 */
.long SYMBOL_NAME(sys_close)
.long SYMBOL_NAME(sys_waitpid)
.long SYMBOL_NAME(sys_creat)
.long SYMBOL_NAME(sys_link)
.long SYMBOL_NAME(sys_unlink) /* 10 */
.long SYMBOL_NAME(sys_execve)
.long SYMBOL_NAME(sys_chdir)
.long SYMBOL_NAME(sys_time)
.long SYMBOL_NAME(sys_mknod)
.long SYMBOL_NAME(sys_chmod) /* 15 */
:
.long SYMBOL_NAME(sys_ni_syscall) /* sys_remap_file_pages */
.long SYMBOL_NAME(sys_ni_syscall) /* sys_set_tid_address */
KernelGrok seems to have a useful page showing the system calls, their names, parameters, and where to find the source. KernelGrok似乎有一个有用的页面,显示系统调用,它们的名称,参数以及查找源的位置。 For example (slightly reformatted): 例如(稍微重新格式化):
0 sys_restart_syscall
eax = 0x00
kernel/signal.c:2058
1 sys_exit
eax = 0x01
ebx = int error_code
kernel/exit.c:1046
2 sys_fork
eax = 0x02
ebx = struct pt_regs *
arch/alpha/kernel/entry.S:716
3 sys_read
eax = 0x03
ebx = unsigned int fd
ecx = char __user *buf
edx = size_t count
fs/read_write.c:391
4 sys_write
eax = 0x04
ebx = unsigned int fd
ecx = const char __user *buf
edx = size_t count
fs/read_write.c:408
:
and so on. 等等。 But, being old school, I prefer to keep kernel sources local and just use grep :-) 但是,作为老派,我更喜欢将内核源代码保留在本地,只使用grep :-)
解决方案2
6 已采纳 2012-02-20 06:42:10
You need to look for SYSCALL_DEFINE macro in kernel sources. 您需要在内核源代码中查找SYSCALL_DEFINE宏。 For example, grepping for unlink at /fs gives the following: 例如,在/fs处unlink以获取以下内容:
$ grep -r -n SYSCALL_DEFINE *.c | grep unlink
namei.c:2811:SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
namei.c:2822:SYSCALL_DEFINE1(unlink, const char __user *, pathname)
Note that the number after SYSCALL_DEFINE is the syscall argument count. 请注意, SYSCALL_DEFINE之后的数字是syscall参数计数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.